ICS & SCADA Security

“Stuxnet has demonstrated what experts have long feared – the entry and penetration of embedded computer systems into all areas of industry means that we now all face a potential risk from computer malware.” (Professor Dr Peter Frohlich, Belden EMEA)

Sometimes we overlook the most obvious problem in cybersecurity?.

We first heard of Stuxnet, the first malware to truly effect process automation systems, in July 2010 with a brief twitter from Automation World’s Gary Mintchell which was followed within hours by a more detailed release from Eric Byres of Byres Technology which we published in full as Security risk to the control industry world!

As the Automation sector and we started to understand more what this involved and indeed the extent and method of the spread of this “infection” we started to compile a list of articles and references to what Byres has called the “little varmint.” Initially these were part of articles which were updated as new resources became known to us but we have decided that perhaps that is not the best way to present them and so we have started this page for more easy access.

Originally we followed only Stuxnet related matters but as things “progressed” we started to include links to other industrial and process related cyber security issues! Thus references to Duqu (Sept 2011) and more recently Flame (May 2012). We welcome notification of resources which discuss cyber security in industrial processes. Please send the URLs to us signpost@read-out.net for inclusion in this list! In some of these posts political opinions may be expressed. Read-out has no control over these opinions expressed in these links and does not necessarily share them. Thank you Stuxnet – the little varmint! – Articles, links and papers

US Computer Emergency Readiness Team (“To assist control systems vendors and asset owners/operators in identifying security vulnerabilities and developing measures to strengthen their security posture and reduce risk through sound mitigation strategies”) The presentation, Introduction to Cyber Security (5/5/2009) by Jon DiPietro of Domesticating IT in those days before we heard about Stuxnet might be useful too. And Strong Points on Cyber-Security from Jim Cahill of Emerson Process Experts (25/2/2010) is also a pre-Stuxnet contribution.

Our service was interrupted, not by malware but by lightening in an unprecedented series of storms which hit Ireland in early January 2014 and which put large areas of our district out of telecommunications contact with the outside world. We will endevour to add links to items on this topic which were published in January as we come across them.

2 Responses to ICS & SCADA Security

SCADA(Supervisory Control And Data Aquisition) generally refers to Industrial Control System(ICS). a PLC may control the flow of cooling water through part of an industrial process, but the SCADA system may allow operators to change the set points for the flow, and enable alarm conditions, such as loss of flow and high temperature, to be displayed and recorded. The feedback control loop passes through the RTU or PLC, while the SCADA system monitors the overall performance of the loop.